Flask Snippets

This is an archived view of user-submitted snippets. Despite being
hosted on the Flask site, they are not official. No Flask
maintainer has curated or checked the snippets for security,
correctness, or design.

Decorator for the HTTP Access Control

Posted by Armin Ronacher
on 2011-07-14 @ 12:44
and filed in Decorators

Cross-site HTTP requests are HTTP requests for resources from a different domain than the domain of the resource making the request. For instance, a resource loaded from Domain A makes a request for a resource on Domain B. The way this is implemented in modern browsers is by using HTTP Access Control headers: Documentation on developer.mozilla.org.

I needed it to work for my flask-restless endpoints. I changed the decorator slightly to only return the origin headers if the response is a 2xx response (ie ignore 404s and other errors). I simply check the first character of the response status to make sure it starts with a 2.

if not attach_to_all and request.method != 'OPTIONS' or args[0].status[0] != '2':
return resp